ePrivacy Directive
Die ePrivacy-Richtlinie regelt die Vertraulichkeit elektronischer Kommunikation, Cookies, Tracking und Direktmarketing. Eine ePrivacy-Verordnung wird seit Jahren diskutiert; bis zu einer Ablösung bleibt die Richtlinie mit nationaler Umsetzung maßgeblich.
Free EU Compliance CheckerWhat does ePrivacy require and when does it apply?
ePrivacy applies to Telecommunications and Digital Services organisations across all EU member states. The key deadline is In force — update expected 2025-2026. Non-compliance carries a maximum penalty of Per member state (GDPR rates of €20M/4% apply where violation also breaches GDPR). Core obligations include obtain consent for cookies and tracking and honour opt-out for direct marketing.
- Obtain consent for cookies and tracking
- Honour opt-out for direct marketing
- Protect confidentiality of communications
- Notify breaches to authorities
- Implement privacy by default
| Deadline | In force — update expected 2025-2026 |
| Max fine | Per member state (GDPR rates of €20M/4% apply where violation also breaches GDPR) |
| Primary sectors | Telecommunications, Digital Services, E-commerce |
ePrivacy: Per member state (GDPR rates of €20M/4% apply where violation also breaches GDPR) max fine
ePrivacy applies to Telecommunications and Digital Services organisations in all EU member states. Key deadline: In force — update expected 2025-2026.
Source: Official Journal of the European Union — ePrivacy Directive
Who does ePrivacy apply to?
ePrivacy betrifft elektronische Kommunikationsdienste, digitale Dienste, E-Commerce- und Marketingprozesse, die Cookies, Tracking oder elektronische Direktwerbung nutzen.
- Cookie- und Tracking-Einwilligungen
- Direktmarketing per E-Mail oder vergleichbaren Kanälen
- Vertraulichkeit elektronischer Kommunikation
- Nationale Umsetzung und Aufsicht durch zuständige Behörden
What are the penalties for ePrivacy non-compliance?
Bußgelder und Durchsetzungsmechanismen variieren je Mitgliedstaat. In der Praxis überschneiden sich ePrivacy-Verstöße häufig mit DSGVO-Risiken.
| Maximum fine | Penalties set by national law. Cookie/consent violations may also trigger GDPR Article 83 penalties via the personal-data overlap. |
When does ePrivacy apply?
Die Richtlinie ist in Kraft. Eine Aktualisierung oder Ablösung durch eine ePrivacy-Verordnung bleibt politisch offen und sollte überwacht werden.
- 2002-07-31 — Entry into force
- 2003-10-31 — Transposition deadline
- 2009-11-19 — Amendments by Directive 2009/136/EC (cookies, breach notification)
Rechtsgrundlage für EU-Regeln zu elektronischer Kommunikation, Cookies und Direktmarketing.
Richtlinie 2002/58/EG — EUR-Lex
In force — update expected 2025-2026
Per member state (GDPR rates of €20M/4% apply where violation also breaches GDPR)
Telecommunications, Digital Services, E-commerce
Rechtsgrundlage für EU-Regeln zu elektronischer Kommunikation, Cookies und Direktmarketing.
Richtlinie 2002/58/EG — EUR-Lex
| Official name | Directive 2002/58/EC of the European Parliament and of the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector (as amended by Directive 2009/136/EC) |
| Reg. No. | 2002/58/EC |
| CELEX | 32002L0058 |
| Type | directive |
| In force | 2002-07-31 |
| Applies from | 2003-10-31 |
| Transposition | 2003-10-31 |
| Max fine | Penalties set by national law. Cookie/consent violations may also trigger GDPR Article 83 penalties via the personal-data overlap. |
| Authorities | National DPAs (in most member states) (member-state) National communications regulators (in some member states) (member-state) |
| Source | 2002/58/EC — EUR-Lex Official Journal |
How do I comply with ePrivacy?
- Obtain consent for cookies and tracking
- Honour opt-out for direct marketing
- Protect confidentiality of communications
- Notify breaches to authorities
- Implement privacy by default
Does ePrivacy apply to your business?
Find out in 2 minutes with our free regulation checker.
Check now — freeePrivacy by Country
Explore ePrivacy in depth
ePrivacy by Industry
Related Regulations
GDPR
GDPR governs the processing of personal data of EU residents. It requires lawful basis for processing, data subject rights, breach notification, and accountability measures.
DSA
The DSA creates obligations for online platforms and search engines to tackle illegal content, protect users, and ensure algorithmic transparency. Very large platforms face enhanced obligations.
AI Act
The EU AI Act classifies AI systems by risk level and imposes obligations on providers and deployers. High-risk systems face mandatory conformity assessments, documentation, and human oversight requirements.
Explore ePrivacy in depth
Penalties & Fines
See enforcement patterns, fine tier tables, and real enforcement cases across EU member states.
Deadline Timeline
Key milestones, implementation phases, and country-specific deadlines and phased rollout dates.
Industry Guides
Sector-specific ePrivacy guidance for SaaS, fintech, healthcare, and other affected industries.
Next step — classify
Classify your AI systems
Use the free regulation checker to find out exactly which ePrivacy obligations apply to your business in 2 minutes.
Check Your Compliance Obligations
Find out which ePrivacy obligations apply to your organisation in under 2 minutes.
For informational purposes only. This is not legal advice — consult qualified legal counsel.
Last verified: · Source: EUR-Lex 32002L0058 · Editorial policy